Executive Summary

Title python-ecdsa vulnerabilities
Name USN-4196-1 First vendor Publication 2019-11-18
Vendor Ubuntu Last vendor Modification 2019-11-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores


A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10 - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS


Several security issues were fixed in python-ecdsa.

Software Description: - python-ecdsa: ECDSA cryptographic signature library


It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. (CVE-2019-14853)

It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks. (CVE-2019-14859)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10:
python-ecdsa 0.13.2-2ubuntu0.1
python3-ecdsa 0.13.2-2ubuntu0.1

Ubuntu 19.04:
python-ecdsa 0.13-3ubuntu0.1
python3-ecdsa 0.13-3ubuntu0.1

Ubuntu 18.04 LTS:
python-ecdsa 0.13-2ubuntu0.18.04.1
python3-ecdsa 0.13-2ubuntu0.18.04.1

Ubuntu 16.04 LTS:
python-ecdsa 0.13-2ubuntu0.16.04.1
python3-ecdsa 0.13-2ubuntu0.16.04.1

In general, a standard system update will make all the necessary changes.

CVE-2019-14853, CVE-2019-14859

Package Information:

Original Source

Url : http://www.ubuntu.com/usn/USN-4196-1

Alert History

If you want to see full details history, please login or register.
Date Informations
2020-03-19 13:20:12
  • First insertion